Hello @LeifAlire
While AWS LB could help you to effectively manage GlobalProtect portal selection, if you already have a Panorama, the NGFW support for Prisma Access Agent provides a more integrated, feature-rich, and centrally managed solution that extends beyond basic connectivity to offer enhanced security, user experience, and operational efficiency across diverse deployment scenarios.
NGFW support for Prisma Access Agent offers several advantages over a traditional portal load balancer by providing a more unified, comprehensive, and streamlined security and management solution. While a load balancer primarily focuses on directing clients to the optimal portal, Prisma Access Agent integrates a broader set of advanced capabilities and operational efficiencies.
Here are the key reasons why NGFW support for Prisma Access Agent is considered beneficial:
Unified Agent for SASE and NGFW Use Cases: The Prisma Access Agent is a next-generation unified agent designed for both Secure Access Service Edge (SASE) and Next-Generation Firewall (NGFW) deployments. It integrates security and networking capabilities into a single platform, offering a holistic approach to network security for cloud, on-premises, and hybrid environments. This unification helps eliminate security gaps.
Streamlined IT Operations and Centralized Management: Prisma Access Agent simplifies IT management and operations through a single cloud-based management web interface, Strata Cloud Manager. This platform serves as a central hub for managing Prisma Access Agent-specific settings, including user authentication, agent configurations, and infrastructure details for NGFW deployments, leading to faster mean time to resolution for issues.
Enhanced User Experience and Always-On Connectivity: The agent improves the end-user experience by ensuring always-on connectivity and enabling seamless, controlled upgrades. It provides continuous secure access for users regardless of their location.
Robust Traffic Steering and Policy Enforcement: The agent intelligently steers all traffic to the best available enforcement node for inspection and control, offering multiple traffic steering options. It enforces traffic policies to prevent security bypasses, blocking, sinkholing, and forwarding traffic to Prisma SASE or NGFW for real-time security inspection and enforcement. The gateway selection algorithm for Prisma Access Agent considers factors like source region and priority.
Seamless Coexistence and Gradual Migration: NGFW support for Prisma Access Agent allows it to coexist with GlobalProtect in the same deployment, providing a gradual migration strategy. This means organizations can maintain their existing NGFW setup while introducing advanced Prisma Access Agent capabilities. The Prisma Access Agent license also replaces the GlobalProtect Gateway License. Furthermore, Prisma Access Agent can leverage existing GlobalProtect portal LDAP authentication infrastructure, simplifying the transition.
Advanced Features Beyond Basic Connectivity: Prisma Access Agent offers a range of advanced features, including:
Pre-logon support: Establishes a secure connection before user authentication, enabling management and updates of remote devices
Endpoint insights: Collects comprehensive data for troubleshooting endpoint access issues
IPv6 Sinkholing: Enhances security for dual-stack endpoints by sinkholing IPv6 traffic
Captive Portal Support: Automatically detects and handles captive portal authentication within its embedded browser
Embedded Browser Support for SAML Authentication: Provides a consistent in-app experience for logins, simplifying administration and enhancing security
Transparent Proxy Support: Offers always-on internet security and private app access, even coexisting with third-party VPN agents
NGFW Support for Prisma Access Agent